Fundamental fintech shift coming

Far-reaching changes that govern Europe’s retail banking system will be implemented early this year – and the effects will be felt in South Africa.

Several local banks that have branches in Europe will have to comply with a new European Union (EU) directive that is intended to open banking and payments to a range of new players in the fintech sector.

The second Payment Services Directive (PSD2), which is effective in January, makes it possible for consumers to consent to third-party providers accessing their account data, so that these businesses can help manage their finances across accounts and enable faster and more convenient payments.

People will be able to use new digital services to pay bills, transfer money, aggregate account data, and analyse spending, for example. Banks will be obliged to provide such third-parties access to their customers’ accounts through what are called open APIs – application program interfaces. This software will allow new financial services companies to operate by accessing banks’ existing data and infrastructure.

While this change is good news for consumers in that it offers them a greater variety of financial services to choose from, it poses a number of challenges for the traditional banks that most people still rely on for financial and payment services.

“Currently consumers who hold accounts at multiple institutions need to log into each account via that institution’s digital interface, whether this be via a mobile app or an online portal,” says Gerhard Oosthuizen, CIO of fintech security firm Entersekt.

“But to promote competition in the financial services sector and improved ease of use for consumers, PSD2 makes provision for data aggregators. These allow for a single view of accounts at multiple providers, such as insurance companies, payment services, credit card issuers, and mortgage lenders,” he says.

PSD2 will open up banking and offer consumers more freedom, not only when it comes to accessing and sharing their financial data, but also when engaging in financial transactions.

This freedom, says Oosthuizen, does not mean less security.

“PSD2 requires banks to put strong customer authentication (SCA) methods in place. The industry standard for SCA is based on multi-factor authentication, where two or more authentication factors in different categories are used. For example, consumers would have to verify information on something they have, something they know, and something they are.

“Security breaches are now so commonplace, they often do not even make headlines. SCA has become a key focus area in protecting consumers and giving them more control over financial transactions. Organisations that do not have SCA measures in place will certainly feel the effects of this. In the financial services industry especially, SCA has become not only a regulatory standard, but also a business essential,” he concludes.